Presentation is loading. Please wait.

Presentation is loading. Please wait.

How things go wrong. The lucky one and the unlucky one Dr. Stefan Lüders (CERN Computer Security Officer) 3 rd (CS) 2 /HEP Workshop, Grenoble (France)

Published byRobert Trujillo Modified over 10 years ago

Similar presentations

Presentation on theme: "How things go wrong. The lucky one and the unlucky one Dr. Stefan Lüders (CERN Computer Security Officer) 3 rd (CS) 2 /HEP Workshop, Grenoble (France)"— Presentation transcript:

1 How things go wrong. The lucky one and the unlucky one Dr. Stefan Lüders (CERN Computer Security Officer) 3 rd (CS) 2 /HEP Workshop, Grenoble (France) October 9 th, 2011

2 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 How things go wrong. Dr. Stefan Lüders 3 rd CS2HEP October 9 th 2011 The Lucky One

3 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 How things go wrong. Dr. Stefan Lüders 3 rd CS2HEP October 9 th 2011 The SCADA Researcher A month earlier, the Researcher reported to the U.S. Department of Homeland Security who informed us via SWITCH and MELANI.

4 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 How things go wrong. Dr. Stefan Lüders 3 rd CS2HEP October 9 th 2011 What happened?

5 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 How things go wrong. Dr. Stefan Lüders 3 rd CS2HEP October 9 th 2011 Counter-Measures Standard event response: Inform stakeholders Prepare press statement Take documents offline incl. Google cache Change passwords on all instances (can be costly!) Check access logs for unauthorized activity: Weve been able to identify the corresponding actions, e.g. the original scan for the document and WTS accesses Lessons Learned: Starting to block access from the Internet for selected service accounts (i.e. non-personal accounts) Working on a general policy prohibiting service accounts on LXPLUS and CERNTS

6 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 How things go wrong. Dr. Stefan Lüders 3 rd CS2HEP October 9 th 2011 The Unlucky One

7 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 How things go wrong. Dr. Stefan Lüders 3 rd CS2HEP October 9 th 2011 The Attack

8 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 How things go wrong. Dr. Stefan Lüders 3 rd CS2HEP October 9 th 2011 Counter-Measures Standard event response: Inform stakeholders Prepare press statement Check network logs and attacker Ips Forensics of compromised server Difficult if local admins already have tampered with the data Determination of compromise extent Reinstallation after all (painful) Lessons Learned: Patching is a must Central syslogging is a must, too Adequate security training is beneficial for all (Once bitten, twice shy ) Deployment of so-called Security Baselines

9 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 How things go wrong. Dr. Stefan Lüders 3 rd CS2HEP October 9 th 2011 Security Baselines …define basic security objectives …are simple, pragmatic & complete, and do not imply technical solutions All systems/services must be implemented and deployed in compliance with their corresponding Security Implementation Document Non-compliance will ultimately lead to reduced network connectivity (i.e. closure of CERN firewall openings, ceased access to other network domains, full disconnection from the network). Today, we have Security Baselines… …for servers (EDMS 1062500)EDMS 1062500 …for file hosting services (EDMS 1062503)EDMS 1062503 …for web hosting services (EDMS 1062502)EDMS 1062502 …for Industrial Embedded Devices (EDMS 1139163)EDMS 1139163

10 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 How things go wrong. Dr. Stefan Lüders 3 rd CS2HEP October 9 th 2011 Prevention is the key Training & Awareness Dedicated training courses on Secure programming in Java/PHP/Perl/Python and …for Web applications Mandatory on-line security course every two years for all CERN account owners Awareness poster campaign through-out CERN Check out at http://cern.ch/security/training/en/index.shtml Consulting & Assistance Helping system owners with securing their services Website scanning …plus Nessus…

11 Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 How things go wrong. Dr. Stefan Lüders 3 rd CS2HEP October 9 th 2011 Thank you! Questions?

Download ppt "How things go wrong. The lucky one and the unlucky one Dr. Stefan Lüders (CERN Computer Security Officer) 3 rd (CS) 2 /HEP Workshop, Grenoble (France)"

Similar presentations

Presented by Nikita Shah 5th IT ( )

Presented by Nikita Shah 5th IT ( )
Secure Email and Web Browsing Sébastien Dellabella – Computer Security Team.

Secure and Web Browsing Sébastien Dellabella – Computer Security Team.
4 th Control System Cyber-Security Workshop Exchanging ideas on HEP security Dr. Stefan Lüders (CERN Computer Security Officer) 4 th (CS) 2 /HEP Workshop,

4 th Control System Cyber-Security Workshop Exchanging ideas on HEP security Dr. Stefan Lüders (CERN Computer Security Officer) 4 th (CS) 2 /HEP Workshop,
Being Proactive and Less Reactive in Security Operations and Cyber Attack Response Christina Raftery, MCSE, CISSP FBI Los Angeles Field Office.

Being Proactive and Less Reactive in Security Operations and Cyber Attack Response Christina Raftery, MCSE, CISSP FBI Los Angeles Field Office.
3 rd Control System Cyber-Security Workshop A Summary of this year’s meeting Dr. Stefan Lüders (CERN Computer Security Officer) with contributions from.

3 rd Control System Cyber-Security Workshop A Summary of this year’s meeting Dr. Stefan Lüders (CERN Computer Security Officer) with contributions from.
The Case for Tripwire® Nick Chodorow Sarah Kronk Jim Moriarty Chris Tartaglia.

The Case for Tripwire® Nick Chodorow Sarah Kronk Jim Moriarty Chris Tartaglia.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Auditing Active Directory Presented to the National State Auditors Association 2014 Information Technology Conference.

Auditing Active Directory Presented to the National State Auditors Association 2014 Information Technology Conference.
HIPAA Security Standards What’s happening in your office?

HIPAA Security Standards What’s happening in your office?
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Presented by C.SARITHA ( 07R91A0568) INTRUSION DETECTION SYSYTEM.

Presented by C.SARITHA ( 07R91A0568) INTRUSION DETECTION SYSYTEM.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Designed By: Technical Training Department

Designed By: Technical Training Department
Building a Campus Dshield Randy Marchany IT Security Lab VA Tech Blacksburg, VA 24060

Building a Campus Dshield Randy Marchany IT Security Lab VA Tech Blacksburg, VA 24060
Network security policy: best practices

Network security policy: best practices
Mobility Methods for document access while away from the office.

Mobility Methods for document access while away from the office.
Technical Training: DIR-615

Technical Training: DIR-615
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Similar presentations

Ads by Google